deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-27 20:57:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

CI_153986_Update_credential-guard-known-issues

Browse Source
This commit is contained in:
Anna-Li 2021-08-05 17:10:14 +08:00 committed by GitHub
parent 2a5792b45e
commit 75c51df5c3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 19 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
windows/security/identity-protection/credential-guard/credential-guard-known-issues.md
View File

@ -21,16 +21,33 @@ ms.reviewer:
**Applies to**
- Windows 10
- Windows Server 2016
- Windows Server 2019
Windows Defender Credential Guard has certain application requirements. Windows Defender Credential Guard blocks specific authentication capabilities. Therefore applications that require such capabilities will not function when it is enabled. For further information, see [Application requirements](/windows/access-protection/credential-guard/credential-guard-requirements#application-requirements).
The following known issue has been fixed in the [Cumulative Security Update for November 2017](https://support.microsoft.com/help/4051033):
- Scheduled tasks with stored credentials fail to run when Credential Guard is enabled. The task fails and reports Event ID 104 with the following message: <br>
- Scheduled tasks with domain user stored credentials fail to run when Credential Guard is enabled. The task fails and reports Event ID 104 with the following message: <br>
"Task Scheduler failed to log on \Test . <br>
Failure occurred in LogonUserExEx . <br>
User Action: Ensure the credentials for the task are correctly specified. <br>
Additional Data: Error Value: 2147943726. 2147943726 : ERROR\_LOGON\_FAILURE (The user name or password is incorrect)."
- When enabling NTLM audit on the domain controller, an Event ID 8004 with an indecipherable username format is logged. For example:
> Log Name: Microsoft-Windows-NTLM/Operational
Source: Microsoft-Windows-Security-Netlogon
Event ID: 8004
Task Category: Auditing NTLM
Level: Information
Description:
Domain Controller Blocked Audit: Audit NTLM authentication to this domain controller.
Secure Channel name: \<Secure Channel name>
User name:
@@CyBAAAAUBQYAMHArBwUAMGAoBQZAQGA1BAbAUGAyBgOAQFAhBwcAsGA6AweAgDA2AQQAMEAwAANAgDA1AQLAIEADBQRAADAtAANAYEA1AwQA0CA5AAOAMEAyAQLAYDAxAwQAEDAEBwMAMEAwAgMAMDACBgRA0HA
Domain name: NULL
- This event stems from a scheduled task running under local user context with the Cumulative Security Update for November 2017 or later and happens when Credential Guard is enabled.
- The username appears in an unusual format because local accounts arent protected by Credential Guard. The task also fails to execute.
- As a workaround, run the scheduled task under a domain user or the computer's SYSTEM account.
The following known issues have been fixed by servicing releases made available in the Cumulative Security Updates for April 2017:
@ -107,4 +124,4 @@ Windows Defender Credential Guard is not supported by either these products, pro
This is not a comprehensive list. Check whether your product vendor, product version, or computer system, supports Windows Defender Credential Guard on systems that run Windows 10 or specific versions of Windows 10. Specific computer system models may be incompatible with Windows Defender Credential Guard.
Microsoft encourages third-party vendors to contribute to this page by providing relevant product support information and by adding links to their own product support statements.
Microsoft encourages third-party vendors to contribute to this page by providing relevant product support information and by adding links to their own product support statements.